Using ACL Filters, MAC Extended ACLs – Blade ICE G8000 User Manual


RackSwitch G8000 Application Guide

Chapter 6: Quality of Service

BMD00041, November 2008

Using ACL Filters

Access Control Lists (ACLs) are filters that allow you to classify data packets according to
particular content in the packet header, such as the source address, destination address, source
port number, destination port number, and others. Packet classifiers identify flows for more
processing. Each filter defines the conditions that must match for inclusion in the filter, and
also the actions that are performed when a match is made.

ACLs are used to control whether packets are forwarded or blocked at the switch ports. ACLs
can provide basic security for access to the network. For example, you can use an ACL to
permit one host to access a part of the network, and deny another host access to the same area.

Each ACL contains rules that define the matching criteria for data packets. The ACL checks
each packet against its rules, to determine if there is a match. If the packet matches the ACL’s
rules, the ACL performs its configured action: either permit or deny the packet.

The G8000 supports the following ACL types:

• MAC Extended ACLs
• IP Standard ACLs
• IP Extended ACLs

MAC Extended ACLs

The switch supports up to 127 MAC extended ACLs, numbered from 1-65535. Use MAC
Extended ACLs to filter traffic using the following criteria:

• Source/destination MAC address
• VLAN
• Ethernet protocol
• User priority criteria

To create a MAC Extended ACL:

RS G8000 (config)# access-list mac extended 1
RS G8000 (config-ext-macl)#

To delete a MAC Extended ACL:

RS G8000 (config)# no access-list mac extended 1
RS G8000 (config)#
